sea-tug meeting jan 2014

Upload: vutruc

Post on 14-Feb-2017

1/28/2014

1

The Explosion of Cybercrime - The 5 Ways IT May Be an Accomplice

Mark Villinski, Kaspersky Lab, @markvillinski

Never ending….

2013 Corporate Threats Survey

• 91% of businesses suffered one cyber attack in the last 12 months

• 9% of businesses were victims of a targeted attack

• Malicious programs could soon replace company insiders as the way of gathering information

https://www.securelist.com/en/analysis/204792317/Kaspersky_Security_Bulletin_2013_Corporate_threats

Top 5 Cybercriminal Motives for 2013 Attacks

http://www.crn.com/slide-shows/security/240164580/top-5-cybercriminal-motives-in-2013-attacks.htm

• Financial losses

• Damaging company reputation

• Stealing money

• Wiping Data, Blocking Infrastructure

• Stealing Information

Kaspersky Lab: Evolution of malware waves we have to deal with

• 1994: One new virus every hour

• 2006: One new virus every minute

• 2011: One new virus every second, or 70,000 samples/day

What about 2014?

What about 2012?

Kaspersky Lab is currently processing 300,000 unique malware samples EVERY DAY

THREATS: SMARTER, FASTER, MORE

Data is on the Move

Device Proliferation

Data Storage Capability

Loss of Confidential Data

Untrusted Networks

“BIG data equals BIG security challenges.” Forrester

More Data, More Problems

Evolution Of Our Networks

Online Account Takeover

Corporate accounts are targeted because of their large balances and because the ACH credits they generate have expedited funds availability. Corporate accounts do not have the same legal protections that Regulation E provides to consumer accounts.

Threat Landscape - Malware

APT

New vulnerabilities to exploit

New breeds of malware to deploy and execute

Continual bombardment of the target

End users highly susceptible

RSA: TARGETED ATTACK CASE STUDY

▶ On March 17th 2011, RSA announced that it was hacked

▶ During the 2011 Kaspersky Security Analyst Summit, Uri Rivner from RSA explained how it happened:

▶ Two employees received an e-mail which contained a spreadsheet attachment labeled “2011 Recruitment Plan”.

▶ The e-mail had been marked as spam and put into the spam folder

▶ One of the employees opened it… and triggered a zero-day Adobe Flash vulnerability.

RSA E-mail & Attachment

http://www.f-secure.com/weblog/archives/00002226.html

The Blueprint

How does this happen?

Net Traveler – 350 Victims in 40 Countries

ORIGINAL CORPORATE SECURITY PERIMETER

TODAY’S SECURITY PERIMETER

VULNERABILITIES – WHO IS AT RISK?

▶ In the first half of 2013, over 30,900,000 vulnerable programs and files were detected on user computers running Kaspersky Security Network (KSN)

▶ An average of 8 vulnerabilities were detected on each user’s computer

▶ 45% of vulnerabilities detected by users were Oracle & Java

▶ Oracle Java, Adobe Reader, Office and Adobe Flash are the programs most exploited by cybercriminals in attacks

Source: Kaspersky Lab 2013 Vulnerabilities Report

In short, many more users are vulnerable than conventional thinking suggests

Vulnerable Apps Exploited by “The Bad Guys”

EXPLOITING VULNERABILITIES

▶ Vulnerabilities can enable attackers to do several things including accessing systems and bypassing security.

▶ Several exploits can be developed per vulnerability and are high commodities in the cybercriminal underground

2013 Key Statistics

• Neutralized 5,188,740,554 cyber attacks on users’ computers and mobile devices

• Neutralized 1,700,870,654 attacks from online resources

• Detected 3,000,000,000 attacks on users’ computers.

• 45% of neutralized web attacks were from web resources located in US and Russia

KASPERSKY LAB ANALYSIS REPORT

▶ In 2012-2013, 37.3 million users around the world were subjected to phishing attacks, up 87% from 2011-2012

▶ The number of distinct sources of attacks in 2012 and 2013 increased 3.3 times (+330%)

SOURCE: THE EVOLUTION OF PHISHING ATTACKS 2011-2013, KASPERSKY LAB ANALYSIS REPORT

▶ 102,100 Internet users around the world were subjected to phishing attacks daily!

Sources of Spam by Country

Source: Kaspersky Lab, November 2013

THE EVOLVING SHAPE OF THE WORKPLACE

THE HUGE RISE OF MOBILE MALWARE

[Chart: Mobile Malware Unique Samples, 2010 to 2013]

• Unique mobile malware samples collected 2004 - 2010: 1,160

• 2011 saw a sharp rise: 6,193

• 2012 saw another sharp rise: 40,000

• Up to December 2013: 148,778

Source: Kaspersky Lab, December 2013

2013 Mobile Malware Breakdown

• All mechanisms used to target PCs are moving to mobile

• Main target is to steal money; secondary target is to steal personal data

• The majority of mobile malware are botnets with a rich feature set

• Online banking is the clear target

https://www.securelist.com/en/analysis/204792318/Kaspersky_Security_Bulletin_2013_Overall_statistics_for_2013

Mobile Malware by Mobile OS

https://www.securelist.com/en/analysis/204792318/Kaspersky_Security_Bulletin_2013_Overall_statistics_for_2013

2013 Observations

• Android 99.92% of all attacks

• Emergence of Mobile Botnets

• First 3rd Party Botnets, i.e. mobile devices infected with other malicious programs used to distribute mobile malware. (Obad)

• New programs steal money from online bank accounts and phone accounts

• Major Android vulnerabilities

• Using GCM to control botnets

• APT attacks

• Attacks on PCs through Android Platform

https://www.securelist.com/en/analysis/204792318/Kaspersky_Security_Bulletin_2013_Overall_statistics_for_2013

I saw this just before a flight…

Large Android Botnet

The stories just keep coming……….

In the last few months

“BYOD”

The Effects of Consumerization

• Dual use of computers for personal and business purposes

• Trojan Infections

• Puts VPN Credential at risk

• Increased risk of data loss (theft)

Base = 1508 Security Decision-Makers

Source: Forrsights Security Survey, Q2 2012

Which of the following security technologies and policies, if any, would alleviate your concerns?

[Concerned about employee-provisioned devices]

[Bar chart by company size: VSB (2-19 employees), SMB (20-999 employees), Enterprise (1,000 or more employees)]

Categories:

• Transparency and auditing of what data consumer …

• Application control

• Selective wipe

• Network security features like encrypted email …

• Password entry for device access

• Anti-malware protection for the device

• Encryption capabilities for data on the device

• Remote lock and remote wipe in case the device is lost …

Chart values as extracted (three series of eight):

53%, 41%, 47%, 60%, 65%, 62%, 66%, 71%

46%, 55%, 65%, 71%, 66%, 70%, 73%, 84%

47%, 57%, 66%, 72%, 73%, 73%, 80%, 83%

Remote lock/wipe and data encryption are the top 2 “must-haves” to alleviate concerns with BYOD at companies of all sizes

The DropZone – This is Real

Cyber Scam Predictions 2014

• TVs watching you

• More Ransomware

• Destroying Data rather than collecting it

• Loving the “Like”

• More Mobile Malware

• Targeting Software Developers

http://blog.aarp.org/2013/12/27/cyber-scam-predictions-for-2014/

Kaspersky Lab 2014 Forecast

• Mobile Threat Evolution

• Attacks on Bitcoin

• Problems protecting privacy

• Attacks on Cloud Storage Facilities

• Attacks on Software Developers

• Cyber-mercenaries

• Fragmentation of Internet

• The pyramid of cyber-threats

http://www.securelist.com/en/analysis/204792320/Kaspersky_SecurityBulletin_2013_Forecasts

5 Ways IT is Enabling Cybercrime

Be Ready for What’s Next

1) Migration Myopia

Believing that company data never finds its way to home systems

2) Social Media Mania

Adopting Social Media Without Protection

Response, Detection, Prevention

3) Attention Misdirection

• 95% of respondents listed the 12 items below

• 95% thought that Prevention was key

• IT Security spending follows the same mindset

Focusing on Protection vs. Detection and Response

Alarm, Motion detector, Monitoring, Crime watch

Doors, Locks, Windows, Fence

Dog, Gun, Police, Insurance

Source: “Data @ Risk” by David H. Stelzl

How They Break In:

34%, 9%

23%, 4%

22%, 2%

4) Awareness Deficit

Failing To Foster A Culture Of Awareness

5) Reliance on Compliance

• Compliance… just one step north of negligence. Josh Corman, the 451 Group

Compliant Lifeboat Capacity: 1,060

Actual Lifeboat Capacity: 1,178

Passengers: 3,547

The impact on IT security

• Malware

• Mobile / BYOD

• Your data is on the move!

• The #1 target: applications!

YOUR DATA

Response: Anti-malware plus management tool / dashboard

Response: Systems / patch management

Response: Data encryption

Response: Mobile device management (MDM)

This is complexity

COMPLEXITY IS THE ENEMY OF IT SECURITY

What if?

• Malware

• Mobile / BYOD

• Your data is on the move!

• The #1 target: applications!

YOUR DATA

1 PLATFORM, MANAGEMENT CONSOLE, COST

Kaspersky Endpoint Security for Business

All managed through a single management console: Kaspersky Security Center

• Anti-malware: traditional & cloud-assisted

• Mobile security: MDM plus mobile security agent

• Data encryption: file / folder, full-disk

• Endpoint control tools: application, device and web control

• Systems Management: including patch management

[Chart: Top-3 Position in Anti-malware tests. Bar values as extracted: 80%, 57%, 52%, 44%, 38%, 38%, 38%, 29%, 27%, 21%, 20%, 11%, 5%, 4%]

23% gap